GitHub Advisory Database: GHSA-MXF2-4R22-5HQ9
History: Sep 16, 2022 - 5:05 p.m.

XWiki Platform Web Parent POM vulnerable to XSS in the attachment history

2022-09-16 17:05:12
CWE-79
CWE-80
GitHub Advisory Database
github.com
xss vulnerability
attachment history
patches
workarounds
xwiki 13.10.6
xwiki 14.3rc1
security advisory

9 High (CVSS3)

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

EPSS: 0.004 Low (percentile 72.8%)

Impact

It is possible to store JavaScript that will be executed by anyone viewing the history of an attachment whose name contains JavaScript.

For example, attaching a file whose name is ><img src>.jpg will execute the alert.

Patches

This issue has been patched in XWiki 13.10.6 and 14.3RC1.

Workarounds

It is possible to replace viewattachrev.vm, the entry point for this attack, with the patched version of the template taken from the patch, without upgrading XWiki.
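The bug class behind the impact and the workaround above, as an added example (not XWiki's code): an attachment-history row rendered with the attachment name interpolated raw, the same row with the name HTML-escaped, and an audit helper for finding names with markup already stored before the template was replaced. The attachment records and the row layout are constructed here for illustration.

```python
"""Added example (not XWiki's own code): an attachment-history row rendered
unsafely (filename interpolated verbatim, the bug class in viewattachrev.vm
before 13.10.6) and safely (filename HTML-escaped), plus an audit of stored
attachment names.  Records and row layout are constructed for illustration."""
import html
import re
from dataclasses import dataclass

# Any character that can open a tag or break out of an attribute value.
MARKUP_CHARS = re.compile(r'[<>"\'&]')


@dataclass
class AttachmentRevision:
    filename: str  # user-controlled: the uploaded file's name
    version: str


def render_row_unsafe(rev: AttachmentRevision) -> str:
    """Mirrors the bug class: the filename lands in the page verbatim, so a
    name such as '><img src>.jpg' closes the surrounding tag and injects HTML."""
    return (f'<tr><td><a href="/download/{rev.filename}">{rev.filename}</a>'
            f'</td><td>{rev.version}</td></tr>')


def render_row_safe(rev: AttachmentRevision) -> str:
    """Same row, every user-controlled value escaped for its HTML context."""
    name = html.escape(rev.filename, quote=True)
    return (f'<tr><td><a href="/download/{name}">{name}</a></td>'
            f'<td>{html.escape(rev.version)}</td></tr>')


def is_suspicious_name(filename: str) -> bool:
    """True if the name could alter the HTML when rendered unescaped."""
    return MARKUP_CHARS.search(filename) is not None


def audit(revisions):
    """Return (version, filename) pairs an administrator should review."""
    return [(r.version, r.filename) for r in revisions
            if is_suspicious_name(r.filename)]


# Constructed sample history: one benign name, one using the advisory's pattern.
SAMPLE_HISTORY = [
    AttachmentRevision("report.pdf", "1.1"),
    AttachmentRevision("><img src>.jpg", "1.2"),
]

if __name__ == "__main__":
    for rev in SAMPLE_HISTORY:
        print(render_row_safe(rev))
    print("suspicious:", audit(SAMPLE_HISTORY))
```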

Affected configurations

Vulners node: org.xwiki.platform\xwikiMatchplatform OR org.xwiki.platform\xwikiMatchplatform OR org.xwiki.platform\xwikiMatchplatform
